This release marks our official code freeze for 2.9, from here on out
we will only be accepting bug fixes to the 2.9 branch. Now is when we need
your help! As a community driven project, we need all the testing a release
this size can get. Let us know in the OSSEC mailing list, Github bug tracker,
or the official OSSEC irc channel.

I have updated the OSSEC Virtual Appliance to include OSSEC 2.8.1 and
Elasticsearch-Logstash-Kibana (ELK) log management and the ElasticHQ
system to handle ELK monitoring. It is a single gzipped OVA that can be
easily imported into VirtualBox or any other virtualization system that
supports OVA files.

OSSEC Commercial Support contracts will no longer be available directly
from Trend Micro as of March 2014; however all existing agreements will
continue to be fully supported until the end of their respective terms.

The OSSEC developers have been hard at work on version 2.8 and we have
made Beta-1 packages available for testing. See the
Downloads page. Helps us with the testing and fine
tuning of this preliminary release.

The recently disclosed CVE-2014-0160 vulnerability – heartbleed read
overrun – in OpenSSL may impact OSSEC installations where OSSEC was
deployed with OpenSSL support, either when built from source or
installed from RPMs. In particular this issue leaves ossec-authd open to
attack.

Our friends at AlienVault have created
and now host Debian packages of OSSEC for Ubuntu Wheezy, Jessie and Sid.
See the Downloads page for the links to the packages
and AlienVault’s respositories. Thanks to OSSEC Project team member
Santiago Gonzalez for taking the time to create these packages and
AlientVault for hosting them

OSSEC is moving from bitbucket to github, and in the process moving to a
new method for accepting contributions. This is an exciting change that
we feel will help push OSSEC forward in 2014 and further into the
future.

Among the many useful features of OSSEC is its capability to send alerts
to any system that can consume syslog data. This makes it easy to
combine OSSEC with a number of 3rd party SIEMs to store, search and
visualize security events. Splunk for
OSSEC is one such system that works
on top of the Splunk platform.